Just had the same experience, couldn't update MSOnline till [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 was run.
But now all OK.
Connect-MSOLService : Authentication Error: Unexpected authentication failure. on ADFS Server
We have an issue from ADFS Server itself to login to AzureAD with federated account. We want to convert another UPN Domain from managed to federated, from what I found this needs to be done from the ADFS Server itself (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/convert-a-managed-domain-in-azure-ad-to-a-federated-domain-using/ba-p/258963).
We have no issues with logins from any other PC, site, browser etc. I can hardly remember, we had this issue in the past, several years ago when we converted our second domain from managed to federated, but I cannot recall how we solved it back then.
We get an error from PowerShell CLI as well as from a browser login attempt.
From PowerShell:

```
Connect-MSOLService
Connect-MSOLService : Authentication Error: Unexpected authentication failure.
At line:1 char:1
+ Connect-MSOLService
+ ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [Connect-MsolService], Exception
    + FullyQualifiedErrorId : System.Exception,Microsoft.Online.Administration.Automation.ConnectMsolService
```

From browser:
Message: AADSTS50107: The requested federation realm object 'http://domainname.intra/adfs/services/trust/' does not exist.
But then I figured this error only shows up in Internet Explorer; with Edge or Chrome it works, but still not from PowerShell.
If I run Get-PSRepository on my ADFS server, I get an empty list, while on another server it lists PSGallery:

```
Get-PSRepository
WARNING: Unable to find module repositories.
```

```
PS C:\Windows\system32> get-psrepository

Name       InstallationPolicy   SourceLocation
----       ------------------   --------------
PSGallery  Untrusted            https://www.powershellgallery.com/api/v2
```

But if I want to add it to my ps repository, it says
Get-PSGalleryApiAvailability : PowerShell Gallery is currently unavailable. Please try again later.
Still https://www.powershellgallery.com/api/v2 returns xml content in browser
Any idea how to get my Connect-MSOLService command work on my ADFS Server?
BTW: on my failover ADFS where get-psrepository lists PSGallery, after running [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 I can successfully run Connect-MsolService afterwards. But on my primary ADFS I cannot add PSGallery.
And secondary ADFS server is read-only so Get-MsolFederationProperty -Domainname domain.com returns
Get-MsolFederationProperty : PS0033: This cmdlet cannot be executed from a secondary server in a local database farm.
.......
kind regards,
Dieter
-
James 91 Reputation points
2022-09-14T05:51:04.237+00:00
4 additional answers
-
Dieter Tontsch (GMail) 957 Reputation points
2022-09-07T08:17:49.353+00:00
If I try so it gives me this:

```
PS C:\Users\administrator.MOBILEXNEW> Install-Module -Name MSOnline -Force

NuGet provider is required to continue
PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or 'C:\Users\administrator.MOBILEXNEW\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and import the NuGet provider now?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y
WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.
WARNING: Unable to download the list of available providers. Check your internet connection.
PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7405 char:21
+ ... $null = PackageManagement\Install-PackageProvider -Name $script:N ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-PackageProvider], Exception
    + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackageProvider
PackageManagement\Import-PackageProvider : No match was found for the specified search criteria and provider name 'NuGet'. Try 'Get-PackageProvider -ListAvailable' to see if the provider exists on the system.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7411 char:21
+ ... $null = PackageManagement\Import-PackageProvider -Name $script:Nu ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (NuGet:String) [Import-PackageProvider], Exception
    + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPackageProvider
WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.
WARNING: Unable to download the list of available providers. Check your internet connection.
PackageManagement\Get-PackageProvider : Unable to find package provider 'NuGet'. It may not be imported yet. Try 'Get-PackageProvider -ListAvailable'.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7415 char:30
+ ... tProvider = PackageManagement\Get-PackageProvider -Name $script:NuGet ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Microsoft.Power...PackageProvider:GetPackageProvider) [Get-PackageProvider], Exception
    + FullyQualifiedErrorId : UnknownProviderFromActivatedList,Microsoft.PowerShell.PackageManagement.Cmdlets.GetPackageProvider
Install-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' or newer version of NuGet provider is installed.
At line:1 char:1
+ Install-Module -Name MSOnline -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [Install-Module], InvalidOperationException
    + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module
```

It's also weird that get-psrepository returns:

```
PS C:\Users\administrator.MOBILEXNEW> get-psrepository
WARNING: MSG:UnableToDownload «https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409» «»
WARNING: Unable to download the list of available providers. Check your internet connection.
WARNING: Unable to find module repositories.
```

But from the same machine I can browse https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409 and do get an XML content.
Once I run [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 and Get-PSRepository afterwards, I just do get Unable to find module repositories.

Finally I made it work this way:
- manually created folder PowerShellGet in %userprofile%\appdata\Local\Microsoft\Windows\PowerShell, inside I created an empty file PSRepositories.xml
- I took the content from another PC where this file was in place and pasted it into that xml, actually one can copy a PSRepositories.xml from somewhere else
- Then, only after I ran [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 again prior to any other command I could run Get-PSRepository and finally get my PSGallery now. (without [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 I do get my repo but with warnings that again WARNING: MSG:UnableToDownload «https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409» «» ...)
- now I could finally install MSOnline (Install-Module -Name MSOnline -Force)
- and in the very end my command Connect-MSOLService successfully works.
- but without this [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 nothing works, why is that?
-
Limitless Technology 39,661 Reputation points
2022-09-07T07:42:40.52+00:00
Hello there,
Try installing the new MSOnline Powershell module with the following command in a Powershell prompt with administrator permissions:
Install-Module -Name MSOnline -Force
I think the older module must have been using an API or service endpoint that was retired somewhere in the last couple of weeks.
Also, try Uninstalling the Azure AD Powershell module from the Windows control panel. This module is obsolete.
-
Daymi_MS 1 Reputation point
2022-11-03T13:24:45.783+00:00
Hi there!
We ran into the same issue and the permanent fix was to enable TLS 1.2 on the ADFS server(s) you use to connect to Azure AD by making a few registry changes.
More information on this, including PowerShell scripts to automate how to check status and enable TLS 1.2, can be found here:
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement
More details on why this change is required:
https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/enable-support-tls-environment?tabs=azure-monitor
I hope this helps!
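
Added example (not part of this thread and not Microsoft's linked script): a read-only PowerShell check of the .NET Framework and SCHANNEL registry values that decide whether Windows PowerShell 5.1 offers TLS 1.2 without the per-session `[Net.ServicePointManager]` line discussed above. The function name `Test-Tls12Setting` is hypothetical, and a missing SCHANNEL value means the OS default applies rather than a failure.

```powershell
# Added example: audit only, nothing is written to the registry.
# .NET Framework 4.x keys (64-bit and 32-bit views) read by Windows PowerShell 5.1.
$netKeys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
# SCHANNEL protocol key for TLS 1.2 (Client and Server subkeys).
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

# Build the list of values to check and the value each should have.
$expected = @()
foreach ($key in $netKeys) {
    $expected += @{ Path = $key; Name = 'SchUseStrongCrypto';       Want = 1 }
    $expected += @{ Path = $key; Name = 'SystemDefaultTlsVersions'; Want = 1 }
}
foreach ($role in 'Client', 'Server') {
    $expected += @{ Path = "$schannel\$role"; Name = 'Enabled';           Want = 1 }
    $expected += @{ Path = "$schannel\$role"; Name = 'DisabledByDefault'; Want = 0 }
}

function Test-Tls12Setting {
    # Hypothetical helper name: returns one row per registry value checked.
    param([hashtable[]]$Settings)
    foreach ($s in $Settings) {
        $item   = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.($s.Name) } else { $null }
        [pscustomobject]@{
            Name     = $s.Name
            Expected = $s.Want
            Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
            Ok       = ($actual -eq $s.Want)   # '(not set)' counts as not Ok
            Path     = $s.Path
        }
    }
}

Test-Tls12Setting -Settings $expected |
    Format-Table Name, Expected, Actual, Ok, Path -AutoSize

# What the current session will offer; without the registry values above this
# typically lacks Tls12 until the line from this thread is run in the session.
"Session protocols: $([Net.ServicePointManager]::SecurityProtocol)"
```

Run it in a new elevated Windows PowerShell session on each ADFS server, before setting `SecurityProtocol` by hand, so the last line reflects the machine defaults.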
-
Mark Morowczynski 251 Reputation points Microsoft Employee
2022-11-12T21:27:58.233+00:00
Can I ask why are you moving a domain from managed auth to federated auth?